diff --git a/cowrie/Dockerfile b/cowrie/Dockerfile
new file mode 100644
index 0000000..1140d7e
--- /dev/null
+++ b/cowrie/Dockerfile
@@ -0,0 +1,27 @@
+#
+# Dockerfile for cowrie
+#
+
+FROM alpine
+MAINTAINER kev
+
+RUN apk add -U curl \
+ py-pip \
+ py-twisted \
+ tar \
+ && pip install pyasn1 \
+ && adduser -D cowrie \
+ && cd /home/cowrie \
+ && curl -sSL https://github.com/micheloosterhof/cowrie/archive/master.tar.gz | tar xz --strip 1 \
+ && mv cowrie.cfg.dist cowrie.cfg \
+ && chown -R cowrie:cowrie . \
+ && apk del curl \
+ tar \
+ && rm -rf /var/cache/apk/*
+
+EXPOSE 2222
+
+USER cowrie
+WORKDIR /home/cowrie
+
+CMD ["twistd", "-n", "-l", "log/cowrie.log", "cowrie"]
diff --git a/cowrie/README.md b/cowrie/README.md
new file mode 100644
index 0000000..dbf682b
--- /dev/null
+++ b/cowrie/README.md
@@ -0,0 +1,43 @@
+cowrie
+======
+
+[`Cowrie`][1] is a medium interaction SSH honeypot designed to log brute force attacks
+and, most importantly, the entire shell interaction performed by the attacker.
+
+`Cowrie` is directly based on [`Kippo`][2] by Upi Tamminen (desaster).
+
+## docker-compose.yml
+
+```
+cowrie:
+ image: vimagick/cowrie
+ ports:
+ - "2222:2222"
+ volumes:
+ - log:/home/cowrie/log
+ restart: always
+```
+
+## server
+
+```
+$ cd ~/fig/cowrie
+$ tree -F
+.
+├── docker-compose.yml
+└── log/
+ └── tty/
+$ docker-compose up -d
+$ tail -f log/cowrie.log
+```
+
+## client
+
+```
+$ ssh -p 2222 root@server
+```
+
+> You can login as `root:root` or `root:123456`.
+
+[1]: https://github.com/micheloosterhof/cowrie
+[2]: http://github.com/desaster/kippo/
diff --git a/cowrie/docker-compose.yml b/cowrie/docker-compose.yml
new file mode 100644
index 0000000..f1d65e2
--- /dev/null
+++ b/cowrie/docker-compose.yml
@@ -0,0 +1,7 @@
+cowrie:
+ image: vimagick/cowrie
+ ports:
+ - "2222:2222"
+ volumes:
+ - log:/home/cowrie/log
+ restart: always
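Review bot: In cowrie/Dockerfile the `RUN` step unpacks whatever `master.tar.gz` holds at build time, piped straight from `curl` into `tar` with no pinned commit and no integrity check, so two builds can ship different honeypot code and a changed or tampered upstream archive is installed silently. Pin the archive to a reviewed commit and verify its SHA-256 before extracting, as sketched below; adding `-f` to curl also makes an HTTP error fail the step instead of feeding an error page to tar. The same reproducibility concern applies to the untagged `FROM alpine` and the unversioned `pip install pyasn1`, which should name explicit versions. `MAINTAINER` is deprecated; a `LABEL` carries the same information.

```dockerfile
# Placeholders: fill in the reviewed upstream commit and the SHA-256 of its tarball.
ARG COWRIE_COMMIT=REPLACE_WITH_REVIEWED_COMMIT
ARG COWRIE_SHA256=REPLACE_WITH_TARBALL_SHA256

RUN apk add -U curl \
    # … unchanged: remaining packages, pip install, adduser, cd /home/cowrie …
    && curl -fsSL -o /tmp/cowrie.tar.gz \
         "https://github.com/micheloosterhof/cowrie/archive/${COWRIE_COMMIT}.tar.gz" \
    && echo "${COWRIE_SHA256}  /tmp/cowrie.tar.gz" | sha256sum -c - \
    && tar xzf /tmp/cowrie.tar.gz --strip 1 \
    && rm /tmp/cowrie.tar.gz \
    # … unchanged: mv cowrie.cfg.dist, chown, apk del, cache cleanup …
```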
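Review bot: In cowrie/docker-compose.yml the service that deliberately accepts hostile SSH logins runs with Docker's default capability set and nothing limiting privilege escalation. Since the image already runs as the unprivileged `cowrie` user on port 2222, it should be possible to add `cap_drop: [ALL]` and `security_opt: ["no-new-privileges"]` without affecting it, though that is worth confirming against the Docker version in use. `image: vimagick/cowrie` carries no tag, so a pull followed by a restart can silently change the honeypot build; pin a tag or digest. The volume source `log` has no `./` prefix, which Compose may treat as a named volume rather than the host `log/` directory the README tails; `- ./log:/home/cowrie/log` makes the bind mount explicit.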